Sessions are handled by the Symfony2 framework, specifically API and underlying session handlers provided by HTTP Foundation component. This is further enhanced in eZ Platform with support for siteaccess-aware session cookie configuration.

Use of Memcached (or experimentally using PDO) as session handler is a requirement in Cluster setup, for details see below. For an overview of clustering feature see Clustering.

All site-related session configuration can be defined per siteaccess and SiteGroup:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

# ezplatform.ymlezpublish:system:my_siteaccess:session:# By default Session name is eZSESSID{siteaccess_hash}# with setting below you'll get eZSESSID{name},# allowing you to share sessions across SiteAccessname:my_session_name# These are optional. # If not defined they will fallback to Symfony framework configuration, # which itself fallback to default php.ini settingscookie_domain:mydomain.comcookie_path:/foocookie_lifetime:86400cookie_secure:falsecookie_httponly:true

In 5.x versions prior to 5.3 / 2014.03 the following siteaccess aware session setting where available:

1
2
3
4
5
6
7
8
9

# ezplatform.ymlezpublish:system:my_siteaccess:# By default Session name is eZSESSID{siteaccess_hash}# with setting below you'll get eZSESSID{name},# allowing you to share sessions across SiteAccess# This setting is deprecated as of 5.3session_name:my_session_name

In Symfony, a session handler is configured using framework.session.handler_id. Symfony can be configured to use custom handlers, or just fallback to what is configured in PHP by setting it to null (~).

eZ Platform uses the same default configuration as recent versions of Symfony standard distribution. This makes sure you can configure sessions purely in PHP by default, and allows Debian/Ubuntu session file cleanup cronjob to work as intended.

1
2
3
4
5

# Default config.yml session configurationframework:session:# handler_id set to null will use default session handler from php.inihandler_id:~

For Cluster setup we need to configure Sessions to use a backend that is shared between web servers and supports locking. Only options out of the box supporting this in Symfony are the native PHP memcached session save handler provided by the php-memcached extension, and Symfony session handler for PDO (database).

While not currently our recommendation from performance perspective, for setups where Database is preferred for storing Sessions, you may use Symfony's PdoSessionHandler.
Below is an configuration example for eZ Platform, but please refer to documented in Symfony Cookbook documentation for full documentation.